Wireless Network Discovery Tools: Solutions

Let’s say you’re sitting at Starbuck’s, enjoying a Frappucino with melon syrup or any one of those drinks that have only the most nominal connection to coffee, when you need to send an e-mail. You can rush to the office and send it, or pull out your notebook and scan for a wireless network. After all, most of today’s Windows machines will do it automatically, providing they have a wireless card. Or you can use any one of the detection tools that pros (including hackers) use to sniff out airborne data. But is it illegal?

It depends — on where you live, for one. Different states have different laws, some of which make the unauthorized use of a network a misdemeanor, even if it’s for something as minor as a quick e-mail. Others make it a felony with heavy fines or worse. And federal laws may apply, too, making the problem even more complex.

A Growing Problem for Pros What if you’re not slurping an espresso but instead working in an office, scanning your own network for rogue APs (access point) when you stumble across — or even access by accident — another firm’s network? What if that firm is a competitor? What if you download a large document (say, a gigabyte) and turn their network to sludge? What if they lose business as a result?

Clearly the legal, ethical and practical issues of wireless network detection go far beyond the malicious or merely careless intent of a teenage wardriver. In a thoughtful, if dated, paper on the subject, author Eric Montcalm argues that wardriving should be likened to port scanning (see www.sans.org for his work). Port scanning, after all, is a technique that was first used by hackers but was later adopted by lawful admins and engineers to defeat hackers themselves, not unlike wardriving. And port scanning involves a similar process, in which a detection tool is used to cast a wide net and see what gets caught. What’s more, there’s a bit of law on the point: In 2000, federal judge Thomas Thrash ruled that a “victimized” party can not collect damaged from port scanning if the port scanning did not cause any harm. The efforts to track the source of the scanning, Thrash wrote, could not be considered damage, and thus not be recompensed.

What’s the bottom line? By and large, merely scanning for a network is not illegal unless you use or intend to use the network illegally. Or, for an analogy, it’s not illegal to see your neighbor through the window, unless you’re peeping or stalking (we might add: casing his house, plotting his demise with a conspirator and so forth).

Problem Solved? But a pat analogy does little to help admins and IT managers who need to wardrive to protect their networks, and in the process risk legal action. After all, depending on where you live and what laws you’re subject to, using a network illegally can simply mean using a network at all, if you don’t have permission. Even the most inadvertent access could be, depending on context and regardless of intent, a crime.

For IT pros, there’s no foolproof answer to the problem, in part because the technologies are so new and the laws have yet to catch up to them. (Oliver Wendell Holmes, beloved among jurists, once said the law should be stable but never stand still; Oliver Wendell Holmes, we note, did not have a computer.) But problems aside, a solid, thorough and thoroughly enforced network detection policy is a good place to start and every bit as useful as a policy for proper e-mail use or Web surfing.

With the help of your firm’s legal advisors, you can devise a protocol for wardriving that spells out what you will and won’t do in scanning for APs, rogue or not. For instance, you might stipulate that all wardriving be done in your office or lobby and not with a yagi from the nearest tall building. The former behavior implies a useful, lawful, harmless corporate pursuit; the latter implies a form of cloak-and-dagger data theft of the kind you’d see in a James Bond film (and it may be hard to explain to the police should they catch you on top of that building, antenna in hand).

As a second precaution, you might decide that even the simplest, quickest, most innocent use of another firm’s AP be recorded, examined and reported to the other firm. If nothing else, this shows your goodwill (and by inference, harmless intent); what’s more, it can be helpful to disclose an inadvertent and fleeting use of a firm’s AP before they discover it on their own, in which case they may not view your error with as much latitude as they would had you been the one who told them of it. But — and this point is vital — an attorney, and especially one with a tort or technology background, should have a voice in deciding such issues because the legal fallout can be complex.

But then, complexity is an ingrained part of the problem when you scan the airwaves for that all-precious commodity in today’s corporate world: access and the data that drives it.

Wardriving Tools Wardriving and even war-chalking (in which the presence of an AP is marked by chalking a building or sidewalk, often in special code) is not always unlawful, much less illegal. And you’re not constrained to cryptic software published in fleeting chat rooms to do it. In fact, some of the best wardriving tools are well known. Here are just a few:

NetStumblerwww.stumbler.net This is one of the most popular wardriving tools, which at times are simply called stumblers. Its cousin, MiniStumbler, can be used for Windows CE devices.

PocketWarriorwww.pocketwarrior.com This tool is designed for Pocket PCs to make wardriving less bulky or inconvenient.

AirCrackhttp://freshmeat.net/projects/aircrack AirCrack is not one tool but a suite of tools used to audit, and not merely find, a wireless network. It’s often used to test your own networks.

iStumblerwww.istumbler.com If you’re a Mac user and have an AirCard, this is your tool. iStumbler is open source; it’s also free.

David Garrett is a Web designer and former IT director, as well as the author of “Herding Chickens: Innovative Techniques in Project Management.” He can be reached at dgarrett@certmag.com.